Network Evolution in the Data Center: Time for Network Virtualization with VMware NSX

Sławomir Słowiński, Account Executive, VMware Networking and Security

© 2016 VMware Inc. All rights reserved.

Network Evolution in the Data Center - Veeam Software · Network Evolution in the Data Center. ... Architecting security as an inherent part of the data center infrastructure Network Virtualization


The goals haven’t changed…

Security of Applications and Data

Speed of Delivery

Application Availability

…But everything else has

Changes to Infrastructure: Virtualization | Convergence

Changes in Threats and User Behavior

Changes in Application Architectures

Focus on the App

Complex Goals Tied to the Network…

Availability of Applications: Inability to move or access apps across domains because of inconsistencies in IP and security configurations

Security of the Application: Inadequate internal security controls, dependent on static network topologies to define policy

Speed of App Delivery: Error-prone, repetitive manual processes and scripts for physical networking infrastructure

…Forced Compromises

FIXED LIMITATIONS: Defined by infrastructure and resources

IT CAPACITY

Compromised Speed

Error-prone manual configurations

Provisioning / configuration delays

Time to market delays

Compromised Security

Threat response delays

Significant security vulnerabilities

Business and intellectual property risk

SPEED / FLEXIBILITY | SECURITY / RISK

Lines of Business stakeholders

Networking and Security teams

Hardware Constraints: The network, still defined by hardware, limits a virtualized environment

VIRTUALIZATION PLATFORM PROGRESS

SDDC

Compute | Storage | Network

Virtualizing the Network: Removing the final data center constraint

Diagram labels: Hypervisor, vSwitch; Firewalling, Load Balancing, Switching, Routing

Network Virtualization Platform

Topology Independence

Pooled Data Center Capacity


Drive business value today without compromise

STRATEGIC DECISION

Network Virtualization: How is it being applied today

SECURITY: Architecting security as an inherent part of the data center infrastructure

AUTOMATION: Automating IT processes to deliver IT at the speed of business

APPLICATION CONTINUITY: Enabling applications and data to reside and be accessible anywhere

VMware NSX Security: Micro-segmentation | DMZ Anywhere | Secure User Environments

Diagram labels: Web, App, DB

Alignment of Policy Controls: Security and networking policy that travels with the workload independent of physical network topology

Granular Policy Enforcement: Enabling least privilege security with policy enforced at every workload

VMware NSX Automation: IT Automating IT | Multi-tenant Infrastructure

Rapid and Repeatable Application Deployments: Automating Networking and Security for IT and Developers

Diagram labels: Web, App, DB; BLUEPRINT

VMware NSX Application Continuity: Disaster Recovery | DC Pooling

Data Centers Anywhere: Enabling applications and data to exist between data centers for disaster recovery or pooling of data center resources

Diagram labels: Data Center 1, Data Center 2

“I now have the ability to deploy networking and security at the speed it takes to deploy a VM.” CIO

SECURITY | AUTOMATION | APP CONTINUITY

From Months to Minutes: Accelerating deployment while strengthening security

Customer Challenges: Customer business and technical concerns

Diagram labels: Production, PCI, Non-production, Shared services; Data Center 1, Data Center 2

Lack of granular segmentation for security of virtual machines

Complex access to shared services for new apps

Manual and time-consuming app deployment with inconsistent security policy

Solution Requirements: Customer demands for NSX

Virtualization and mobility aware: Compute virtualization-aware and deployable at the speed of a VM

Automate shared services access: Automate access to shared services on a per-app basis without manual intervention

Works at scale across two sites: Central management across two sites that can operate at scale

Compliance and Auditing: PCI compatibility for compliance and auditing

Choice and Extensibility: Service insertion with third parties, especially IPS for E-W (east-west) traffic

Plan Execution: Immediate realization of business benefits

Diagram labels: Production, PCI, Non-production, Shared services; Data Center 1, Data Center 2

Critical Segmentation of workloads: Production | Non-production | PCI

Automated Access to Shared Services

Security group and policy set for access to shared IT services

Custom monitoring dashboards using NSX APIs (e.g. list all FW rules for a VM)

SDDC Automation

NSX security policy model to simplify and automate

Leveraged tagging to classify workloads into security groups

Overlay networking

Next Projects: Leveraging current successes to align future goals

Micro-segmentation: Production | Non-production | PCI ✓

Automated Access to Shared Services ✓

SDDC Automation ✓

Public Cloud Strategy

New DC Design Strategies

Remote Office Protection

More 3rd Party Appliances Implementation

NSX Vision: Driving NSX Everywhere

Managing Security and Connectivity for many Heterogeneous End Points

Automation: IT at the Speed of Business

Security: Inherently Secure Infrastructure

Application Continuity: Data Center Anywhere

On-Premise Data Center

New app frameworks

Mobile Devices (AirWatch)

Virtual Desktop (VDI)

Branch offices (Partner)

Internet of things

Public clouds

Sławomir Słowiński, Account Executive, Networking and Security, +48 609 997 [email protected]